CVE-2023-32799: 
WordPress vulnerability analysis and mitigation

The CVE-2023-32799 is an Authorization Bypass Through User-Controlled Key vulnerability affecting WooCommerce Shipping Multiple Addresses plugin versions up to and including 3.8.3. The vulnerability was discovered and reported by Rafie Muhammad from Patchstack on April 10, 2023, and was publicly disclosed on May 15, 2023 (Patchstack).

The vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key) and has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability is network accessible, requires low attack complexity, needs low privileges, requires no user interaction, and has a high impact on confidentiality but no impact on integrity or availability (NVD).

The vulnerability allows malicious actors to bypass authorization and authentication mechanisms, potentially leading to unauthorized access to sensitive files, folders, or database interactions. The CVSS score of 6.5 indicates a medium severity impact on affected systems (Patchstack).

The vulnerability has been fixed in version 3.8.4 of the WooCommerce Shipping Multiple Addresses plugin. Users are advised to update to version 3.8.4 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).